In an environment where anti-virus providers are openly admitting that their products cannot stop many attacks and in which customers are under more pressure than ever before to keep their sensitive data protected, Fortify is touting a new process dubbed business software assurance that it maintains will change the manner in which organizations defend themselves from external threats.
While many companies are using products like Fortify's software vulnerability scanning tools to block the channels most frequently being used by outside attackers, such processes will soon evolve from sporadic exercises into a continuous routine aimed at staving off any and all applications-level threats, company officials said.
From the time that applications are written until they are up and running in production, companies will use a range of technologies, from Fortify's static code analysis scanners to black box testing tools and penetration testing systems, to secure their code, officials with the vendor maintain.
In that sense, applications security is maturing from a mere testing market into a larger, more continuous process, said Roger Thornton, chief technology officer at Fortify.
"When people think about applications security today, they think of these various types of tests, but what they are realizing today is that they need to be doing this work in a risk management framework, in a more repeatable manner," Thornton said. "Companies cannot keep addressing this process from the standpoint of looking at individual point products -- they need to approach it from the perspective of business software assurance."
Leery of having the idea pigeonholed as mere vendor marketing, Thornton said that an ecosystem of providers will drive business software assurance, or BSA, ranging from companies such as Fortify itself, whose tools are used by developers as software code is being written, through to the so-called black box testing technologies used to test live applications.
Fortify sells a bundle of static code analysis tools and more "dynamic" scanning technologies for use by software quality assurance testers, along with some real-time applications monitoring capabilities for use after programs go live.
With attacks having moved to the application level in dramatic fashion over the last several years, and new compliance regulations holding companies more responsible for vulnerabilities in their systems, the need to adopt risk management throughout the development lifecycle is rapidly being brought into focus, Thornton contends.
"If you have the right risk management approach within the development process, you can go a lot further toward making applications impervious to attacks," he said. "We're in the nascent stages of this whole idea of software assurance, but we believe that this is how customers, developers, and government agencies are going to begin looking at this problem, even as soon as over the next six months."
As part of the BSA process, organizations will require that business partners and even their customers are doing their own due diligence in keeping vulnerabilities out of their applications, according to Fortify's espoused vision.